Lucene search
PRIOn knowledge basePRION:CVE-2022-25882HistoryJan 26, 2023 - 9:15 p.m.
Directory traversal
2023-01-2621:15:00
PRIOn knowledge base
www.prio-n.com
4
onnx
versions
vulnerable
directory traversal
external_data field
tensor proto
path
outside directory
nvd
0.002 Low
EPSS
Percentile
56.2%
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example “…/…/…/etc/passwd”
References
gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856
github.com/onnx/onnx/blob/96516aecd4c110b0ac57eba08ac236ebf7205728/onnx/checker.cc%23L129
github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d
github.com/onnx/onnx/issues/3991
github.com/onnx/onnx/pull/4400
security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479
Related
osv
osv
Directory Traversal in onnx
2023-01-26 21:30:25
PYSEC-2023-38
2023-01-26 21:15:00
CVE-2022-25882
2023-01-26 21:15:31
github
github
Directory Traversal in onnx
2023-01-26 21:30:25
Onnx Directory Traversal vulnerability
2024-02-23 18:30:59
cvelist
cvelist
CVE-2022-25882
2023-01-25 05:00:02
CVE-2024-27318
2024-02-23 17:37:36
ubuntucve
ubuntucve
CVE-2022-25882
2023-01-26 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: pytorch (CVE-2022-25882)
2023-04-20 00:00:00
Fedora 39 : onnx (2024-270e3b5e9b)
2024-03-28 00:00:00
Fedora 40 : onnx (2024-abe1e34fdb)
2024-04-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-25882 affecting package pytorch for versions less than 2.0.0-1
2023-04-16 00:49:41
nvd
nvd
CVE-2022-25882
2023-01-26 21:15:31
CVE-2024-27318
2024-02-23 18:15:50
cve
cve
CVE-2022-25882
2023-01-26 21:15:31
CVE-2024-27318
2024-02-23 18:15:50
veracode
veracode
Directory Traversal
2023-01-31 03:43:00
prion
prion
Directory traversal
2024-02-23 18:15:00
